It is possible for `shortName` to be calculated as the 0 bytes, breaking certain invariants

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

A dev will lose rewards if after claiming his rewards he mints an NFT

Pause and unpause functions are inaccessible

Lack of ability to make an some external function calls makes the DAO stage unreachable.

Rebasing tokens that are used as staking tokens can prevent users from withdrawing

Staking contract is not able to support native USDB/WETH

Protocol fees collected in PairFees are lost due to accrued yield

Whitelised accounts can be forcefully DoSed from buying curveTokens during the presale

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

High - Funds can be lost if any participant is blacklisted

Threshold check for adding of new tiers is skipped when `_nextNumberOfTiers` is at the maximum

Missing `payable` in `execute()`

Fee on transfer token deposited into escrow cannot be withdrawn

Withdrawing of collateral can be DOSed by anyone

Owner can steal from lender by changing the LenderManager contract

Manipulation of total share amount might cause future depositors to lose their assets

`Factory.create`: Predictability of pool address creates multiple issues.

Royalty recipients will not get fair share of royalties

`changeFeeQuote` will fail for low decimal ERC20 tokens

Deposit queue and rollover queue can be DOS by a malicious user

User can avoid paying depositFee by rolling over from previous epoch

`enlistInRollover()` wrongly updates state of `ownerToRollOverQueueIndex[_receiver]`

Epoch is considered both started and not started when `block.timestamp == epochConfig[_id].epochBegin`

It is still possible for users to lose their funds when the counterparty vault has no deposits

Collateral ratio is computed wrongly for collaterals that are not 18 decimals

Protection may not be expirable due to out-of-gas possiblity

`fundingTotals` is not accounted for when deposits are refunded

`refundDeposit()` can reach the out-of-gas state

An attacker can use a malicious token contract to force prevent atomic bounty and tiered percentage bounty claims

Whitelisted tokens are not limited by `TOKEN_ADDRESS_LIMIT`

`getLockedFunds()` is calculating locked funds wrongly if there are claims made

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Lender cannot choose the exact amount of `duration` they allow Borrower to extend the loan by

`transfer()` and `transferFrom()` should not be used for arbitrary tokens

Terms for expiry date for loans can be bypassed

`moveQuoteToken()` can cause bucket to go bankrupt but it is not reflected in the accounting

A bucket can go bankrupt without the bankruptcy time being updated

Interest rate for pool is bounded wrongly

Assets can be stolen when rebalancing if there are excess tokens in spot swap

Funds that are meant to be used for insurance can be maliciously used to pay for rebalance instead.

Protocol cannot actually rebalanceNegative due to missing approval.

Wrong number of decimals used when depositing `quoteAmount` in rebalance

Hijacking of node operators minipool causes loss of staked funds

slashing fails when node operator doesn't have enough staked `GGP`

Recreated pools receive a wrong AVAX amount due to miscalculated compounded liquid staker amount

NodeOp funds may be trapped by a invalid state transition

Protocol safeguards for time durations are skewed by a factor of 7. Protocol may potentially lock NFT for period of 7 years.

First depositor can break minting of shares

Price will not always be 18 decimals, as expected and outlined in the comments

Rounding error in buyQuote might result in free tokens

Chainlink price feed is not sufficiently validated and can return stale price

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

ETH will get stuck if all NFTs do not get sold.

Unsafe downcasting operation truncate user's input

selfdestruct() will not be available after EIP-4758

`deposits[]` and `withdraws[]` are unbounded. This will lead to users being unable to `withdrawUSDC()` or `dequeueCrab()`

Malicious user with a USDC blacklisted address can break the protocol's `netAtPrice()` functionality

Wrong number of decimals used in computation result in wrong values of WETH transferred

Insufficient check in `getOraclePrice()` can return incorrect data

Assumption that 1 USDC = 1 USD is extremely dangerous in the event of a depeg of USDC

Timelock for `changeCollateralType()` is much lesser than intended

`slash()` can be frontrunned to avoid the penalty imposed on them

`transfer()` and `transferFrom()` should not be used when interacting with arbitrary ERC20 tokens

Reentrancy in LiquidStakingManager.sol#withdrawETHForKnow leads to loss of fund from smart wallet.

Address.isContract() is not a reliable way of checking if the input is an EOA

Node runners can lose all their stake rewards due to how the DAO commissions can be set to a 100%

GiantPool should not check ETH amount on withdrawal

Adding non EOA representative

Withdrawing wrong LPToken from GiantPool leads to loss of funds

Usage of transfer can lock out funds if gas cost changes

ERC20 transfer used for arbitrary tokens can fail silently

Attacker may DOS auctions using invalid bid parameters

Owner can transfer all ERC20 reward token out using function recoverERC20

`_deleteLienPosition()` is lacking access control

_validateCommitment() can be bypassed as 0 address is not checked on the return value of ecrecover

`protocolFee` and `buyoutFee` are not set in constructor() and there is no way to set its value

Auction time extension in `createBid()` is calculated wrongly

AuctionHouse max duration is not used correctly

Making a payment to the protocol with `_dontMint` parameter will result in lost fund for user.

`cancelVouch()` can break some parts of the protocol due to the way it changes the vouchers array.

`redeem()` may not withdraw the correct amount of underlying token for caller for the number of uTokens burned

`removeAdapter()` does not ensure that the money market that is removed no longer carries any assets.

`removeAdaptor()` is not removing the removed money market from `withdrawSeq[]`.

User unable to withdraw at the end of an auction if the order they placed is the same as clearing price, but did not receive any fills.

Auction can potentially sell more contracts than it has collateral for.

_getNextFriday() returns wrong value when timestamp is between Monday 12am and 8am.

frxETHMinter.depositEther may run out of gas, leading to lost ETH

withdrawPayments() will not be callable once opcode gas cost increases

function changeController() has rug potential as admin can unilaterally withdraw all user funds from both risk and insure vaults

Loss of Veto Power can Lead to 51% Attack

After endorsing a proposal, user can transfer votes to another user for endorsing the same proposal again

ERROR IN UPDATING **_checkpoint** IN THE **increaseUnlockTime** FUNCTION

Possible to bypass saleConfig.limitPerAccount